Fix VPN traffice not displayed bug #129
Conversation
|
tested and am now seeing traffic on the vpn utun interface |
|
Minor change, merging now |
|
@zhangxp1998 - great fix! Thanks for taking care of this so quickly. Do you think this only happens on macos? |
It happens to all platforms which Maybe we should get a FreeBSD box and test. |
|
I'm considering working on |
|
That's cool - I think they'd also be happy with more hands maintaining the repo if you feel like it. |
|
@zhangxp1998 Do you know if libpnet changed with the point_to_point header? I'm currently not seeing utun traffic unless I revert this change. It seems the offset is only needed for loopbacks on macos now? |
|
I am having the same issue - bandwhich has not worked since I upgraded to a newer NordVPN client and started using their NordLynx/Wireguard protocol. Not sure if this is related to it not being a macOS built-in protocol... or their own implementation at that. Setting the payload_offset back to zero works. |
|
@jconley That's helpful context, the |
|
Thanks for weighing in on this, @thepacketgeek and @jconley. IMO the best thing to do right now would be to hide this functionality behind a command line flag (unless you have other suggestions?). Would any of you like to work on this? |
|
@imsnif I'm checking into it now, trying to find out if it's just a WireGuard thing (which would make for a good CLI flag), or changed behavior across utun interfaces with libpnet. |
|
I guess this is because wireguard changed how their network interface work? |
|
@zhangxp1998 Yes, with some testing it does seem to be Wireguard specific. Let me see if there's something bandwhich can detect automatically, otherwise it might make sense to have a |
|
@thepacketgeek i actually configured the app-store NordVPN client to use IKEv2 - and only |
|
Heya! Just swooping in because I have a private Wireguard network bridging a bunch of my devices. When configured with just I think this backs up @jconley 's theory that it's something other than Wireguard itself causing the issue here :) |
|
@TheLostLambda can you verify if it's counting only the encrypted traffic to the vpn server... or also the functional non-vpn-encrypted data to the sftp host. bandwhich can pick up one or both, but the latter is the useful info that has been missing. i would expect it to only pickup data to the vpn server without modifications... or the network_interface may be different in your setup. |
|
Hmm, I'll be honest, I'm not sure I know what you mean. In my case, the VPN server is also the sftp server. I'll drop some info here that might be helpful? If not, just let me know what you need :) My interface: My test file: SCP command: Bandwhich lines: There is additional, non-ssh traffic picked up there, but I'm not certain that's what you were looking for. Let me know if you'd like some different information. |
|
Thanks @TheLostLambda and @jconley for clarification of Wireguard only, I think I meant to say (happens with wireguard but not all utun interfaces globally). I have a draft PR (#192) adding this flag (for target_os = "macos" only), is this the right direction for handling the optional payload offset? |
|
@jconley Oh dear, I'm realising it's possible I've crashed into a MacOS debugging thread with Linux. I'm sorry, I probably should have taken a closer look at the issue 😅 All of my testing here has been on Linux, so I'm sorry if that's sparked confusion! |
|
Hey, so - before I move to reviewing the PR. So that I understand, what's the situation now? What sort of interfaces/os combinations need the offset and which don't? |
|
@imsnif I think we're still trying to figure that out. @jconley brought up the point that libpnet only seems to add offsets for loopbacks. This lines up with both of our testing of #192 (utun sniffing only works with --no-payload-offset flag), and is possibly a result of the change from libpnet 0.23 -> 0.26. @zhangxp1998 if you have a chance to test #192, can you confirm if your utun interfaces only work with the flag (indicating offset is only required for loopbacks)? |
Fix issue #126